Data Risk Management – Applying a Holistic Approach | ERM - Enterprise Risk Management Initiative

Due to the increasing costs associated with protecting and maintaining data, a holistic approach to data risk management is becoming essential to organizations. A whitepaper published by IBM discusses the framework and practices involved in using a holistic approach for implementing data risk management programs across organizations.

Reliable, secure data can be lost in a variety of ways, from a missing laptop to natural disasters that destroys data centers and other electronic data storage facilities. More organizations are realizing the need to focus explicitly on data risk management that helps them consider a complete risk picture of data protected in order to highlight areas where negative risks can be mitigated and positive risks can be leveraged. Effective data risk management requires processes and procedures to coordinate the effort across the entire organization.

The IBM white paper highlights how past approaches to data risk management have focused on reacting to negative risks, such as hacking and system failures. However, this method of compartmentalizing risks is not as effective as business-oriented, holistic approaches. With a holistic approach, data risk policies and procedures should be built into business systems and processes to make data risk management more transparent. Also, to optimize data management, data should be prioritized in order of importance and redundancies should be eliminated. A good data risk management program should address the risks inherent when data is at rest in storage, in motion on the network, and in use on the desktop.

Additionally, the whitepaper states that data risk management standards and practices should:

Define the scope of risk analysis based on infrastructure and technology,
Identify and define threats and risks,
Assess the likelihood of occurrence and impact of risks,
Evaluate the quality of existing controls,
Assess risks and determine responses,
Develop, test, and implement plans for risk treatment,
Provide ongoing monitoring and feedback, and

Address the opportunities identified.

Click below to download the publication.

Link: IBM

Enterprise Risk Management Initiative, Poole College of Management, North Carolina State University

Providing Thought Leadership, Education and Training on the Subjects of Enterprise Risk Management

What’s New

Getting Started in ERM

ERM & Strategy

Key Components of ERM

ERM Leadership & Risk Governance

Individual Risk Considerations

Evaluating Your ERM Program

Insights from Risk Leaders

Data Risk Management – Applying a Holistic Approach

Subscribe to ERM Insights

Share

Browse Topics

Getting Started in ERM

ERM and Strategy

Key Components of ERM

ERM Leadership and Risk Governance

Individual Risk Consideration

Evaluating Your ERM Program

Insights from Risk Leaders

What’s New

Getting Started in ERM

ERM & Strategy

Key Components of ERM

ERM Leadership & Risk Governance

Individual Risk Considerations

Evaluating Your ERM Program

Insights from Risk Leaders

Master of Management, Risk and Analytics Concentration

NC State ERM Fellows

Master of Accounting (MAC) - ERM Concentration

Mark Beasley, Ph.D

Bonnie Hancock, M.S.

Bruce Branson, Ph.D

Data Risk Management – Applying a Holistic Approach

Subscribe to ERM Insights

Share

Browse Topics